Intraway Improves DOCSIS Security

DOCSIS Security & Usage Gets Super Boost

Here is my last review of SCTE Cable-Tec Expo 2011 cool products ... for now.  What I mean by that is that I have received several requests to review other products.  In addition, I also plan on doing follow-up reviews on all these products once I have them in my lab.  I tried to stop and/or look at every booth but might have missed a product.  If that’s the case, please get in touch with me and let me know why your product deserves a review too.

I first heard of Intraway’s products through a LinkedIn request to talk about DOCSIS security from Intraway’s CEO, Leandro Rzezak.  This immediately piqued my interest because today our DOCSIS networks are inherently insecure and many are unaware of this.  What do I mean by insecure?  No, not crying and sniffling in a corner.  They are open to theft of service, illegal intercept of the data transmitted, illegal wiretapping of phone calls, etc.  Even with Baseline Privacy Interface Specification (BPI+), DOCSIS is quite hackable, as evidenced on a number of well-known hacking sites.  The cool factor in the Fraud & Network Usage Control module offered by Intraway is that they have developed effective algorithms which sit on top of the most used provisioning systems, Cisco’s CNR and Incognito’s BCC.

The key features of Intraway’s Fraud Prevention module are:


  • Automatically blocks cloned devices, identifying the real customer and blocking only the illegal devices
  • Automatically detects network maintenance tasks such as node splits, preventing false positives
  • Detects and reports actual subscribers uncapping their cable modems
  • Supports roaming-allowed or roaming-prevention scenarios, as defined by the MSO
  • When available, uses PacketCable Multimedia to route rogue devices to a captive portal
  • Allows subscriber-specific port filtering to avoid SPAM via TLV11 commands in CM config files


During the interview at their Expo show booth, Intraway’s CEO explained to me how they have refined their cloned modem detection algorithm over time to minimize false positives.  This is critical in keeping paying customers online and therefore satisfied.  He also shared with me a success story of the Intraway Fraud Prevention module installation in Latin America.  Upon installation, the Fraud module identified that the network had 2% of its online modems cloned (imagine just 10,000 subscribers – that would be 200 non-paying users).  After Fraud activation, the 2% of cloned modems were immediately deactivated and the cloned modem count went to 0%.  This is accomplished by the Fraud detection system working in collaboration with the provisioning system and the CMTSs, using DHCP server extensions and PacketCable Multimedia – it is a tremendous value-add application.
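To make the first two feature bullets concrete, here is an added example that is not Intraway's algorithm or code. It assumes a simple heuristic: a MAC online on more than one node is a clone candidate, a bulk overlap between the same nodes is treated as maintenance such as a node split, and the device on the provisioned node is kept as the real customer. All names, the threshold and the data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not from any real network).
# Provisioning record: modem MAC -> node the subscriber is provisioned on.
PROVISIONED = {f"00:11:22:00:00:{i:02x}": "node-A" for i in range(1, 7)}
PROVISIONED["00:aa:bb:00:00:01"] = "node-C"

# Online registrations seen in one polling window: (mac, node).
SIGHTINGS = [(m, "node-A") for m in PROVISIONED if m.startswith("00:11")]
# node-A was split: five of its modems also show up on the new node-B.
SIGHTINGS += [(f"00:11:22:00:00:{i:02x}", "node-B") for i in range(1, 6)]
# One MAC is online on its home node and on an unrelated node at once.
SIGHTINGS += [("00:aa:bb:00:00:01", "node-C"), ("00:aa:bb:00:00:01", "node-F")]

def find_clones(sightings, provisioned, bulk_threshold=3):
    """Return ({mac: rogue_nodes}, maintenance_node_sets).

    A MAC online on more than one node is a clone candidate. When at least
    bulk_threshold MACs share the same set of nodes, the overlap is treated
    as a maintenance move (for example a node split) and is not flagged.
    bulk_threshold is an assumed tuning value, not a vendor setting.
    """
    nodes_by_mac = defaultdict(set)
    for mac, node in sightings:
        nodes_by_mac[mac].add(node)

    macs_by_nodes = defaultdict(set)
    for mac, nodes in nodes_by_mac.items():
        if len(nodes) > 1:
            macs_by_nodes[tuple(sorted(nodes))].add(mac)

    clones, maintenance = {}, []
    for nodes, macs in macs_by_nodes.items():
        if len(macs) >= bulk_threshold:
            maintenance.append(nodes)
            continue
        for mac in macs:
            home = provisioned.get(mac)
            # The device on the provisioned node is kept; the rest are rogue.
            # An unprovisioned MAC has no home, so every location is rogue.
            clones[mac] = sorted(n for n in nodes if n != home)
    return clones, sorted(maintenance)

if __name__ == "__main__":
    clones, maintenance = find_clones(SIGHTINGS, PROVISIONED)
    print("block:", clones)
    print("suppressed as maintenance:", maintenance)
```

Raising `bulk_threshold` above the size of the split turns the five moved modems into false positives, which is the failure the node-split bullet is about.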

What’s more is that Intraway is deeply involved with traffic usage & monitoring on the DOCSIS network.  Of course they use the old standby SNMP, but their real killer app is IPDR (Internet Protocol Detail Records).  Intraway can leverage a cable operator’s existing IPDR system or install their own IPDR collector.  IPDR collects data usage traffic in great detail on each cable modem with minimal impact to CMTS utilization because CM traffic data is streamed to the IPDR collector when CPU cycles are available in the CMTS.  This is different from SNMP queries, which have no regard for CMTS utilization.  SNMP also cannot realistically provide the level of CM usage detail that IPDR provides without risking significant CMTS over-utilization.

Now with Intraway’s Fraud detection product, you can also monitor and manage subscribers who are abusers of traffic.  I’m not talking about subscribers who are streaming lots of Netflix videos, but those who are successfully registering non-cloned modems, uncapping them and clogging the DOCSIS network 24×7 with Peer-to-Peer (P2P) file sharing traffic.  According to a source on Defcon.org, there are users with between three and six modems running continuously in this scenario in major MSO environments.  This is the perfect place for Intraway’s solution to identify and shut down yet even more abusers.  This ties in to capacity planning, a major topic at Expo: if you build a bigger pipe (not tubes) people will fill it, and you want paying subscribers filling it.  I’ll write more on capacity planning later.

With recent news headlines reading “A U.S. House Intelligence Committee is launching an investigation against Chinese telecommunication equipment suppliers Huawei and ZTE to find whether the companies pose a security threat to the country”, it is becoming more imperative that we as an industry take a proactive approach to securing our DOCSIS networks.  Intraway’s solution may be a step towards that end.  I look forward to learning more about their products in the future as my firm works with clients to help secure their networks.